Commit e776353e authored Oct 07, 2019 by Poul-Henning Kamp
Move table of CVEs to top and bring it up to date.
parent 582be307
Showing 1 changed file with 26 additions and 14 deletions
R1/source/security/index.rst
Security, bugs & vulnerabilities
================================
* Rev. 2018-11-15 *phk*
* Rev. 2019-10-07 *phk*
List of all Varnish CVEs
------------------------
============ =============== ============================================
Versions CVE What
============ =============== ============================================
6.0, 6.2 CVE-2019-15892_ :ref:`vsv00003`
4.1, 5.2 CVE-2017-8807_ :ref:`vsv00002`
4.x, 5.x CVE-2017-12425_ :ref:`vsv00001`
< 3.0.5 CVE-2013-4484_ DoS
<= 3.0.3 CVE-2013-0345_ Local information leak
2.0.6 CVE-2009-4488_ Trophy hunting
< 2.1.0 CVE-2009-2936_ Trophy hunting
============ =============== ============================================
.. _CVE-2019-15892: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15892
.. _CVE-2017-8807: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8807
.. _CVE-2017-12425: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12425
.. _CVE-2013-4484: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4484
.. _CVE-2013-0345: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0345
.. _CVE-2009-4488: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4488
.. _CVE-2009-2936: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2936
.. toctree::
:hidden:
:maxdepth: 1
VSV00003.rst
...
...
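Review bot: the Versions column of the new table mixes notations ("6.0, 6.2", "4.x, 5.x", "< 3.0.5", "2.0.6"), so a reader cannot tell whether "6.0, 6.2" names release branches or exact releases, or whether 6.1 is affected by CVE-2019-15892. Suggest settling on one convention for the column, or adding a sentence under the table that points to the VSV pages for the exact affected ranges. The older rows also carry only a short label in the What column ("DoS", "Trophy hunting") with no :ref: target, so the CVE link is the only place to find details for them.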
@@ -71,7 +95,7 @@ would react to a major security issue:
Define "Major"
--------------
As you will notice if you peruse the CVEs listed
below
, we are not
As you will notice if you peruse the CVEs listed
above
, we are not
kindly inclined to trophy-hunting and shrill alarmism.
If security advisories are to have any utility, they should be both
...
...
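Review bot: "the CVEs listed above" in the Define "Major" paragraph is still positional wording, which is what had to be patched here after the table moved. Suggest referring to the section by its title ("List of all Varnish CVEs") or through a :ref: to a label on it, so the sentence stays correct if the page is reordered again.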
@@ -86,7 +110,6 @@ On the other hand, if we find anything, on our own or thanks to
external contributors, which imperil Varnish users, we will not
hesitate to issue a CVE to get peoples attention.
11 years, really?
-----------------
...
...
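Review bot: the hunk header (-86,7 +110,6) shows one line dropped here with no text change among the visible lines, so this looks like a blank-line removal near the "11 years, really?" title. Please check that a blank line still separates the preceding paragraph from the title, since reST will not parse the title as a section heading without it. Small nit on the context line while you are in this area: "peoples attention" is missing its apostrophe.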
@@ -97,17 +120,6 @@ since the very start.
`Here is a piece I wrote about it last year </docs/trunk/phk/thatslow.html>`_
List of all Varnish security issues
----------------------------------------
* CVE-____-____ -- :ref:`vsv00001`
* `CVE-2013-4484 -- < 3.0.5 -- DoS <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4484>`_
* `CVE-2013-0345 -- <= 3.0.3 -- Local information leak <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0345>`_
* `CVE-2009-4488 -- 2.0.6 -- Trophy hunting <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4488>`_
* `CVE-2009-2936 -- < 2.1.0 -- Trophy hunting <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2936>`_
PGP key
-------
...
...
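Review bot: dropping the "List of all Varnish security issues" section also drops the anchor Sphinx generated from that title, and the replacement section is titled "List of all Varnish CVEs", so existing deep links to the old section will stop resolving. Suggest putting an explicit label on the new section and using it for internal references. The commit message says the table was moved, but what is removed here is a bullet list with a "CVE-____-____" placeholder for vsv00001, so it would help to mention in the message that the list was converted to a table and the placeholder filled in.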